"cryptography and use of python programming language": There are some nice libraries for Python, such as SAGE or Charm, and it's a high-level language, so it's good for producing working programs quickly. On the other hand it sucks for high-performance and side-channel-resistant crypto implementations. So it's nice for research but not for production crypto.

"Multi cipher CTR" (Apr 8, comment): @user1028028 Why would you want to do that? It's secure as far as I can tell if all blockciphers are secure, but it's very silly.

"Convert SpookyHash to semi-secure 192bit hash": You can't really trade security against brute force vs. performance that way. You can reduce the resistance to future cryptanalysis for a moderate gain in performance by taking a standard crypto hash and reducing the number of rounds to slightly above the best current result.

"RSA: Letting $p$ and $q$ have different bit-size": The cost of some factoring methods depends on the size of the modulus (GNFS); other methods depend on the size of the smallest prime (ECM). You need to ensure that the size of the factors is large enough that the cost of ECM exceeds the cost of GNFS.

"Why does Fortuna RNG use double SHA-256?": It's easier to fix a dubious property of a building block than it is to argue why you're absolutely sure that it's not a vulnerability. Another advantage of this approach is that it makes it easier to prove the security of a higher-level construction. So even if they believe that length extensions are a problem, many cryptographers prefer the safe choice of using a stronger hash.

"Is it secure to choose d in a RSA key pair?" (Mar 27, comment): If you can't use a different algorithm with faster signing/decryption, you could use multi-prime RSA and CRT. It's not a big speedup, but still nice if performance is really important.

"Is Curve25519-java secure?" (Mar 27, comment): I just looked at the NXT coin crypto implementation. They generate the nonce by reducing a 256-bit value modulo the order. Such a reduction causes a bias, which can be exploited for some curves (Bleichenbacher described an attack on DSA based on this). Ed25519 reduces a 512-bit number instead of a 256-bit number to avoid these biases. But NXT coin got lucky that the order of Curve25519 is very close to a power of two, decreasing the bias, so as far as I can tell it can't actually be exploited.
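The bias this comment describes can be quantified exactly rather than estimated. The Python below is an added example, not code from Curve25519-java, NXT or the commenter: it computes the statistical distance between "uniform k-bit integer mod order" and the uniform distribution on the scalar range, for the published Curve25519/Ed25519 subgroup order with 256-bit and 512-bit inputs, and for a constructed order (not from the page) that is not close to a power of two. The name UNLUCKY_ORDER and the helper function names are assumptions of this example.

```python
import math
from fractions import Fraction

# Prime order of the Curve25519 / Ed25519 base-point subgroup (a published constant).
L25519 = 2**252 + 27742317777372353535851937790883648493
# Constructed order that is NOT close to a power of two, for comparison only.
UNLUCKY_ORDER = 3 * 2**250 + 12345


def reduction_bias(order: int, input_bits: int) -> Fraction:
    """Exact statistical (total-variation) distance between 'uniform input_bits-bit
    integer mod order' and the uniform distribution on [0, order).
    With 2**input_bits = q*order + s, residues below s are hit q+1 times and the
    rest q times, so the distance is s*(order - s) / (2**input_bits * order)."""
    n = 1 << input_bits
    _q, s = divmod(n, order)
    return Fraction(s * (order - s), n * order)


def bias_log2(order: int, input_bits: int) -> float:
    """log2 of the statistical distance (-inf when the reduction is exactly uniform)."""
    d = reduction_bias(order, input_bits)
    if d == 0:
        return float("-inf")
    return math.log2(d.numerator) - math.log2(d.denominator)


def input_bits_for_target(order: int, target_log2: float) -> int:
    """Smallest input width whose reduction bias is at most 2**target_log2."""
    bits = order.bit_length()
    while bias_log2(order, bits) > target_log2:
        bits += 1
    return bits


def main() -> None:
    for name, order in (("Curve25519 order", L25519), ("constructed order", UNLUCKY_ORDER)):
        for bits in (256, 512):
            print(f"{name:18s} {bits}-bit input -> bias ~ 2^{bias_log2(order, bits):.1f}")
        print(f"{name:18s} needs {input_bits_for_target(order, -128)} input bits "
              f"for bias <= 2^-128")


if __name__ == "__main__":
    main()
```

For the Curve25519 order the 256-bit reduction is already within about 2^-128 of uniform, while the constructed order is off by roughly 1%, which is the difference the comment attributes to the order being close to a power of two.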

"Is Curve25519-java secure?" (Mar 27, comment): @Gracchus The API of Curve25519-java is so awkward that few people will be able to use it correctly. It doesn't matter if your crypto works in theory if nobody is able to use it.

"Is Curve25519-java secure?": I just checked: it simply pushes the responsibility onto the caller. Since it's pretty hard to generate a good enough nonce, any caller who isn't a crypto expert will almost certainly get it wrong.